Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: lots of connections to 64.40.117.19 port 80
From: Michael Holstein <michael.holstein () csuohio edu>
Date: Fri, 18 Apr 2008 10:38:56 -0400


Recently I have seen a lots of connections to 64.40.117.19 port 80 in 
one of our clients network.
  

could be a lot of things .. do you have tcpdump? .. a packet trace would 
make your attempt at collective troubleshooting a *lot* easier .. but 
DDOS is an easy "malicious" guess. Non-malicious ones could be something 
like a blog/article on that box that just got featured on Digg/Slashdot/etc.

Connections are coming from all over the Internet (various different 
IPs) specifically to this IP.
  

Yeah .. that's how the Internet works.

What kind of problem this could be?
Has anybody seen this kind of attack before?
  

Do you admin that box at 64.40.117.19? .. if it's a webserver, check the 
logs .. what's being requested?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault